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Abstract 


To successfully integrate business processes between suppliers and customers, 
manufacturers must solve the complex problem of information security. IoT is 
defined as a group of infrastructures interconnecting connected objects and 
allowing their management, data mining and the access to data they generate. It 
embodies the next phase toward mass digitization of supply chains to facilitate 
innovations. IoT encompasses devices such as sensors as well as passive, semi- 
passive (or semi-active), and active electronics which are connected over a 
network. This research aims to investigate the current status and future 
direction of the use of information systems for supply chain management for 
companies with multicomponent production. Based on data collected from 
different enterprises, can be concluded that in order to identify the most 
effective strategies of information support of supply chain the attention should 


focus on the identification and management of the sources of uncertainties. 
Keywords: Supply chain management; Anomaly based algorithm. 
1. Introduction 


Information systems are designed to automate and manage of all stages 
of the organization’s supply maintenance and control the entire product 
distribution in the organization. The term was introduced in 1988, when the 
founders of the US-based company i2, discovered another unoccupied segment 


in the information system market. Since then, many suppliers offer a variety of 
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solutions that are marketed as those intended for supply chain management. 
SCM modules are in all ERP systems. The SCM system allows significantly 
better satisfy the demand for the company's products and significantly reduce 


the costs of logistics and purchasing [1-9]. 
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Figure 1. Sustainable SCM (Source: Internet) 


SCM covers the entire cycle of purchasing of raw materials, production 
and product distribution. Generally, researchers identify six main areas that 
supply chain management focuses on: production, supplies, location, 
warehouse inventory, transportation, and information. The following tasks are 


implemented: 

o Improvement of service level. 

o Optimization of the production cycle Reducing of warehouse inventory. 
o Improvement of enterprise productivity Rise of profitability. 

o Control of the production process. 

2. SCM Solutions 


SCM solutions create optimal plans for the use of existing technological 


lines detailing what, when and in what sequence should be made taking into 
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account the limitations of capacity, raw materials and materials, batch sizes and 
the need to change equipment to produce a new product. This helps to achieve 
a high satisfaction of demand at minimum cost. According to AMR Research 
and Forrester Research, the implementation of SCM allows the companies gain 
such competitive advantages as reducing the cost and order processing time (by 
20-40%), reducing purchasing costs (by 5-15%), reducing time to market (by 
15% -30%), reducing the warehouse inventory (by 20-40%), reducing the 
production costs (by 5-15%), increase in profits by 5-15%. 


A well-functioning supply chain helps to improve the planning system, 
optimize warehouse inventory, make timely deliveries, ensure offer to demand 


conformity, reduce costs and, as a result, increase the company's market value. 


The current trends in the development of SCM technologies are defined 
by the enormous possibilities of the Internet [10-27]. The chains of 
manufacturers, suppliers, contractors, transport and trading companies are 
intertwined in the most intimate way and are already real online networks. 
Companies merge into the business community, and the boundaries between 
them are disappeared. However, there is a transparency of joint activities, 
performers can quickly adapt to customer requirements, as well as quickly 
bring new products to the market using advanced methods of prediction and 


planning. 


The Internet is the simplest, cheapest, and most efficient technological 
means to manage and control the partner networks. Companies usually start 
with combination of the simplest activities using emails and workflow 
automation systems, then moving on to virtual docking of the most important 
business processes, and then merging into one virtual corporation within which 
the entire network is synchronized [28-33]. This is already a transition to global 
e-commerce, when all business transactions and payments are arranged through 


the Web without exception. As a result, not only productivity significantly 
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increases, but also all processes significantly accelerate which lead to 
qualitatively new effects. For example, such a network system can minimize 
the impact of almost any negative external influences and create new products 
much faster than competitors. One of the first corporations that successfully 
switched to the parallel design of their products (laser printers) by uniting 
development teams from different countries is Hewlett-Packard. A company 
like Adaptec saves $ 10 million annually using web-based design with partners 


from Japan. 


Approximately as much save Boeing and TRW when conducting joint 
research. And General Motors, working through the CommerceOne 
TradeXchange e-platform and selecting suppliers in fact in real time, saves 


about $ 400 million annually on costs. 


However, in spite of the obvious advantages of Web Supply 
Management, there is a huge amount of uncertainty and cyber security risks. 
All these types of vulnerabilities and other weaknesses can leave users 
vulnerable to the threat being compromised or attacked. Inefficient security 
methods include, such as not sufficiently fast fixing of known vulnerabilities, 
unlimited privileged access to cloud systems, and unmanaged terminators and 


infrastructure. 


We also consider the question: why the expansion of the Internet creates 
an even greater risk for organizations and their users, as well as for consumers, 
and what information security specialists must do now to eliminate these risks 


before it becomes impossible to control them. 


The use of proxy servers is often an integral part of the implementation 
and operation of Supply Chain Management. Proxy servers have existed since 
the Internet inception, and their functionality has developed directly with it. 
Today, information security specialists use proxy servers when scanning 


content to identify a potential threat that are search for vulnerable Internet 
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infrastructures or network weaknesses that allow hackers to gain unauthorized 
access to Supply Chain Management, penetrate into them and conduct their 


campaigns. 


Most of modern online advertising software in the Internet is potentially 
unwanted application (PUA) and is spyware. Spyware providers advertise their 
software as legal tools that provide useful services and adhere to end-user 
license agreements. Spyware disguised as PUA is software that secretly collects 
information about a user's computer activity. It is usually installed on a 


computer without the user's knowledge. 


In this study, spyware is divided into three broad categories: adware, 
system monitors and Trojans. In a corporate environment, spyware represents a 
number of potential security risks. For example, it may do the following: Steal 
user and company information, including personal data and other proprietary or 


confidential information. 


Reduce the effectiveness of security devices by changing their 
configurations and settings, installing additional software and providing access 
to third parties. Spyware can also potentially remotely execute arbitrary code 
on devices, allowing hackers to completely control the device. Increase the 
number of infections [34-41]. Once users are infected with PUA, such as by 


spyware or adware, they are vulnerable to even more malware infections 


Recently, in the field of security, much attention has been paid to 
extortion programs. Nevertheless, another threat, by no means of such a high 
level, which gives its creators much more than ransomware, is the compromise 
of corporate e-mail. Today, this is currently the most profitable way to get a lot 
of money from a business. This is a deceptively light attack vector that uses 
social engineering to initiate theft. In the simplest version, the campaign to 


compromise business email includes the delivery of email to employees of 


Volume XII, Issue VIII, AUGUST 2022 Page No: 95 


International Journal of Management, Technology And Engineering ISSN NO : 2249-7455 


financial departments (sometimes using fake data from other employees), who 


can send funds via bank transfer. 


Hackers usually carry out some researches in hierarchy of the 
companies and its employees, for example, using profiles in social networks, 
and build management vertical. This may be a letter from the CEO or another 
top manager asking him to transfer a non-cash payment to a prospective 
business partner or supplier. The message should motivate the recipient to send 
money, which as a result will usually end up in foreign or regional bank 
accounts owned by cybercriminals. Since messages aimed to compromise the 
business email do not contain malicious or suspicious links, they can usually 


avoid almost all the most sophisticated threat defenses. 


Despite the fact that SCM in their own way are proprietary IC, they are 
based on free or shareware DevOps services. By this concept is meant such 
technologies as Docker, MySQL, MariaDB and other popular DevOps 
components. In January 2017, hackers began to encrypt publicly- available 
instances of MongoDB and demand a ransom for decryption. Later, hackers 
began to encrypt other types of databases, such as CouchDB and Elasticsearch. 
Services like DevOps services are often vulnerable because they are improperly 
deployed or intentionally left open to facilitate access by legitimate users. 
About 75% of CouchDB servers can be classified as maximally open 
(accessible via the Internet and do not require authentication). Only less than 
one quarter of them require authentication (at least entering some accounting 
information). As in the case of CouchDB, over 75% of Elasticsearch servers 
can be classified as maximally open. Unlike CouchDB, only an extremely 
small part of these servers may contain personal data. Docker is a software 
platform, whose operators from the very beginning paid great attention to 
security. However, despite these efforts, over 1,000 Docker instances are 


maximally open. Most Docker instances were found in the USA or China. 
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The cloud is a new area for hackers who are actively exploring it in 
order to gain new potential for their attacks. Hackers realize that cloud systems 
are vital for many Web Supply Management [42-59]. They also realize that 
they can break into corporate systems faster if they can break into a cloud 
system. Modern dynamic networks provide more opportunities for attack 
creating new security risks and reducing the possibility of control. The main 
source of such risks is the cloud. In addition, unauthorized and so -called 


shadow IT devices and applications create problems. 


End-companies underestimate the risk (and number) of loopholes in 
their corporate network, cloud and end-device infrastructure. The lack of 
simple control leads to the fact that, on the average, from 20 to 40% of the 
network infrastructure and infrastructure of end-devices becomes inaccessible 


for analysis or management of an organization. 


It is a problem that affects organizations working in the public, 
healthcare, and financial and technology sectors. Unmanaged network 
infrastructure and end devices can be easily attacked by hackers who need a 
base to integrate into the organization’s infrastructure and compromise specific 


objects. 


They can also be used to extract data or send unauthorized Tor traffic, 
or they can be part of a botnet. Even a simple router, firewall, or incorrect 
segmentation setting can allow a hacker to break into the infrastructure and 


gain access to confidential data. 


The Internet of Things (Internet of Things, IoT) is the interconnection 
of physical devices, vehicles, buildings and other items (often called 
“connected devices” or “smart devices”) that have built-in electronics, 
software, sensors, actuators and are capable to connect to the network, allowing 


them to collect data and share it. 
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IoT includes three main elements: information technology (IT), 
operational technology (OT) and consumer technology (CT). Industrial Internet 
of Things (Industrial Internet of Things, HoT) means only connected devices 
within a production control network as opposed to a corporate IT network or 
datacenter. IoT offers great possibilities for cooperation and innovation in the 
business field. However, as it grows, there is the increasing of security risk of 


organizations and users. 


One of the problems is the complexity of monitoring. Most information 
security specialists do not know which IoT devices are connected to their 
network. Security, as a rule, doesn’t have top priority when creating IoT 
devices (and these are all devices, starting with cameras and ending with 


thermostats and intelligent measuring instruments). 


Many of these devices are far behind in terms of security from desktop 
systems and have vulnerabilities fixing of which can take months or even years. 
In addition, they are characterized by: Vulnerability and risk reporting and 
updates are almost or completely missing The launch is made on a specialized 
architecture, The presence of non-updated or deprecated applications that have 


vulnerabilities, for example, Windows XP Fixing is rarely used. 


The difficulty in the security issue of IoT devices is added by the fact 
that information security specialists may not comprehend the nature of the 
alarms coming from these devices. In addition, it is not always clear who 


among the employees in the company is responsible in case of attacks on IoT. 
3. Conclusions 


Organizations must also take the inventory devices and systems that are 
connected to the network. If security teams can only check with snapshots or 
old lists of managed devices, they can skip at least 20% of devices physically 


connected to the network via a wired connection. Such inventories should be 
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regular and automatic, as the corporate network, cloud infrastructure and end- 
device infrastructure are constantly changing and cannot be effectively 
monitored by staff manually. Today, the industry is moving to modern network 
connections. It is necessary to move to connected IP systems because existing 
systems require expensive maintenance and are complex. In addition, 
consumers are waiting for new secure and mobile services that the existing 


communication infrastructure cannot offer. 
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